Ransomware Attacks on Councils and Dark Web Auctions of Stolen Data

Published on 06/07/20 | Written by Dr Andrew Larner, Chief Executive at iESE

Recent information published by the MITRE ATT&CK® knowledge base illustrates that there are increasing threats targeted specifically at Government (Central and Local) from Nation States and organised criminal groups, designed to cause “local disruption” and access “sensitive data”.

Among the many recently identified threat vectors that should concern Local Government is a threat group known as APT12, which has been attributed to China. The group has targeted a variety of victims including, media outlets, high-tech companies, and multiple Governments and governmental organisations. They have expertly exploited multiple vulnerabilities for execution, which is particularly concerning at this moment in time with workers operating remotely. There is a fear that malicious code may be “injected” into remote workers’ machines and remain inactive until that device is reconnected to the central network.

The techniques above are often used to effect ransomware attacks on organisations and a particularly worrying development is the move from requesting a set ransom from the specific Council to putting a sample of their data up on auction sites to raise the ransom value to a higher level, selling to the highest bidder. Not only would you be unable to perform your critical functions, but the whole world would immediately know about it and be able to see a sample of stolen data!

In early June, the University of California San Francisco (UCSF) was attacked by the notorious NetWalker ransomware; medical research files were encrypted, and a demand was made for $3m Bitcoin payment. BBC News was anonymously tipped-off about the ransom and was able to follow the demands and negotiations in near real-time. The University ended up negotiating a settlement of $1.14m to stop the data being sold on the dark web.

It is impossible for any anti-virus, EDR, firewall solution to continuously update and increase their signatures to stop all these attacks, many of which have not been seen before. However, there is now a unique and patented zero-day, zero-trust technology. Unlike other malware protection, this technology is capable of defence on day zero when the virus is first released as it does not need to know or have seen previously the signature of the attack. And zero-trust means that it monitors everything and trusts nothing.

We are currently testing this new technology with local authorities, if you are interested in booking a demonstration for your council please contact craig.white@iese.org.uk.